Training - Enterprise Network Investigation and Threat Profiling

Classroom lessons are based on actual real-world case histories taken from WBG's numerous high-profile cyber-crime investigations.

Attendees learn to detect, track and solve sophisticated attacks and intrusions in a fraction of the time normally required, even in cases where evidence is lacking or destroyed in large, complex networks.

Using a succession of our company's actual case history investigations, our class is taught from three distinct perspectives at the same time:

  • From a cyber-crime investigator's standpoint;
  • From a network defender's standpoint;
  • From a professional attacker's standpoint.

Class sessions are interactive and include hands-on learning, brainstorming sessions and instructor-led, real-world case investigations with case resolutions.

About the Training

Our four-day Enterprise Network Investigations and Threat Profiling class is substantially different from courses of a similar title. Instead of focusing on computer investigations, the course centers on "network investigations". Because the most effective network intrusions often employ an organization's own defensive measures to be successful, investigators must possess an intricate understanding of the network's individual and corporate vulnerabilities.

White Badger defines network investigations as an approach which emphasizes an enterprise-level analysis of a network, rather than focusing on individual computers. Students learn to see the environment from an attacker's point of view. This allows them to detect, track, and solve sophisticated attacks and exploits in a fraction of the time normally required.

The threat profiling portion of the course equips the student to conduct rapid investigations in complex intrusion scenarios using anecdotal and seemingly unrelated data to narrow the focus to a small, manageable list of suspects. Finally, attendees learn how to eliminate substantial by re-engineering and reconfiguring their existing network defenses.

Who Should Attend

Due to the sensitive and technical nature of this class, it is only recommended for professional, full-time cyber-crime investigators and enterprise network defense professionals responsible for network defense, threat mitigation, incident response and evidence gathering. Corporate and government employees are welcome (1).

Attendees should possess a sound understanding of TCP/IP and enterprise authentication, and at least two years of experience with network perimeter defense systems.

What You Will Learn

Enterprise Intrusion Investigations
Investigators will gain a big-picture perspective on the complexities of enterprise-class network defense strategy and learn how experienced hackers can successfully circumvent those measures. The class will demonstrate through lectures and real-world case studies how improperly implemented authentication across a large organization or a broadly staged infrastructure may lead to an undetectable, catastrophic security breach. These sessions reveal the techniques and thought processes employed in effectively investigating some of the most sophisticated and well-engineered attacks.

Pitfalls of Standard Defenses
Some investigators skirt the technical details of the most complex cases in favor of a high-level approach that relies upon widely accepted investigation tools and techniques. The most experienced attackers, however, apply custom tools and tactics, unconventional thinking, and superb mastery of technical detail to achieve their objectives.

The best attackers use a company's own defenses, even its own protective encryption systems, to foster attacks and to prevent discovery. Using real-world case histories, this portion of the course will stimulate the thinking of the most experienced cyber-crime investigators, while guiding less experienced investigators through the use of customized and unconventional investigation techniques and tools to solve these complex cases.

Threat Profiling and Identification
These sessions introduce attendees to a sophisticated new methodology that allows investigators to detect and to solve complex cases rapidly, even when the evidence appears to be missing, destroyed, or overwritten. These sessions focus on developing the mentality and skill set that leads to the use of these effective investigative techniques. The goal is to teach the attendee to understand and out-think the adversary, not attempt to match technical prowess with elusive foes that are almost always one step ahead.

Attendees will learn that insider threats can be largely eliminated through implementation of covert psychological profiling in the pre-employment review process, combined with periodic follow-up assessments of active-duty personnel.

Disclaimers and Conditions

1. White Badger Group will carefully review the background and credentials of all non-law enforcement applicants. White Badger Group reserves the right to reject any and all non-law enforcement applicants for any reason without explanation. Alternatively, White Badger Group may elect to modify the class content to reduce the sensitivity sufficient to match certain groups of non-law enforcement applicants.